I know this questions has been raised before, but I swear I have read through the other posts. I am using virtual hosts on Apache/2.4.7 (Ubuntu) server to host multiple wordpress sites. I have one site, SiteA which is running fine but SiteB (SiteBroken) is not running.
I installed apache via apt-get and my config file is
/etc/apache2
-rw-r--r-- 1 root root 7.3K Mar 28 15:29 apache2.conf
I have read about changing users either inside this file (which I am unsure of) or through the chown
command, and as such my permissions for SiteA vs. SiteB
/var/www/SiteA/public_html
total 188k
drwxr-xr-x 5 root root 4.0K Mar 31 00:42 ..
-rw-r--r-- 1 root root 25K Apr 4 20:23 wp-signup.php
-rw-r--r-- 1 root root 11K Apr 4 20:23 wp-settings.php
-rw-r--r-- 1 root root 33K Apr 4 20:23 wp-login.php
-rw-r--r-- 1 root root 2.9K Apr 4 20:23 wp-cron.php
-rw-r--r-- 1 root root 7.1K Apr 4 20:23 readme.html
-rw-r--r-- 1 root root 418 Apr 4 20:23 index.php
-rw-r--r-- 1 root root 3.0K Apr 4 20:23 xmlrpc.php
-rw-r--r-- 1 root root 4.0K Apr 4 20:23 wp-trackback.php
-rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-load.php
-rw-r--r-- 1 root root 2.4K Apr 4 20:23 wp-links-opml.php
drwxr-xr-x 12 root root 4.0K Apr 4 20:23 wp-includes
-rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-config-sample.php
-rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-comments-post.php
-rw-r--r-- 1 root root 271 Apr 4 20:23 wp-blog-header.php
-rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-activate.php
-rw-r--r-- 1 root root 20K Apr 4 20:23 license.txt
-rw-r--r-- 1 root root 8.1K Apr 4 20:23 wp-mail.php
drwxr-xr-x 9 root root 4.0K Apr 4 20:23 wp-admin
drwxr-xr-x 6 www-data www-data 4.0K Apr 16 14:55 wp-content
-rw-r--r-- 1 root root 3.5K Apr 16 14:58 wp-config.php
drwxr-xr-x 5 root root 4.0K Apr 16 14:58 .
/var/www/SiteB/public_html
total 220k
-rw-r--r-- 1 root root 3.0K Jan 5 21:17 xmlrpc.php
-rw-r--r-- 1 root root 4.0K Jan 5 21:17 wp-trackback.php
-rw-r--r-- 1 root root 25K Jan 5 21:17 wp-signup.php
-rw-r--r-- 1 root root 11K Jan 5 21:17 wp-settings.php
-rw-r--r-- 1 root root 8.1K Jan 5 21:17 wp-mail.php
-rw-r--r-- 1 root root 33K Jan 5 21:17 wp-login.php
-rw-r--r-- 1 root root 2.7K Jan 5 21:17 wp-load.php
-rw-r--r-- 1 root root 2.4K Jan 5 21:17 wp-links-opml.php
-rw-r--r-- 1 root root 2.9K Jan 5 21:17 wp-cron.php
-rw-r--r-- 1 root root 4.9K Jan 5 21:17 wp-comments-post.php
-rw-r--r-- 1 root root 271 Jan 5 21:17 wp-blog-header.php
-rw-r--r-- 1 root root 4.9K Jan 5 21:17 wp-activate.php
-rw-r--r-- 1 root root 418 Jan 5 21:17 index.php
drwxr-xr-x 9 root root 4.0K Jan 5 22:11 wp-admin
-rw-r--r-- 1 root root 20K Feb 18 22:05 license.txt
drwxr-xr-x 12 root root 4.0K Mar 1 21:57 wp-includes
-rw-r--r-- 1 root root 3.4K Mar 28 23:48 wp-config.php
-rw-r--r-- 1 root root 7.1K May 7 06:30 readme.html
drwxr-xr-x 8 www-data www-data 4.0K May 7 23:08 wp-content
-rw-r--r-- 1 root root 25K May 25 06:23 error_log
-rw-r--r-- 1 root root 792 May 30 14:50 2.htaccess
-rw-r--r-- 1 root root 241 May 30 14:51 .offline.htaccess
drwxr-xr-x 6 root root 4.0K May 30 14:55 ..
drwxr-xr-x 5 root root 4.0K Jun 1 07:25 .
I have removed the .httaccces
from SiteB configuration as I tried to eliminate that variable for casuing my site to receive the 403 error You don't have permission to access / on this server
/etc/apache2/sites-available
cat SiteA.conf
# public: /var/www/SiteA/public_html/
<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@SiteA
ServerName www.SiteA
ServerAlias SiteA
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /var/www/SiteA/public_html
# Log file locations
LogLevel warn
ErrorLog /var/www/SiteA/log/error.log
CustomLog /var/www/SiteA/log/access.log combined
</VirtualHost>
/etc/apache2/sites-available
cat SiteBroken.conf
# domain: SiteBroken
# public: /var/www/SiteBroken/public_html/
<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@SiteBroken
ServerName www.SiteBroken
ServerAlias SiteBroken
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /var/www/SiteBroken/public_html
# Log file locations
LogLevel warn
ErrorLog /var/www/SiteBroken/log/error.log
CustomLog /var/www/SiteBroken/log/access.log combined
</VirtualHost>
diff SiteA.conf SiteBroken.conf
1,3c1,2
<
<
< # public: /var/www/SiteA/public_html/
---
> # domain: SiteBroken
> # public: /var/www/SiteBroken/public_html/
7,9c6,8
< ServerAdmin webmaster@SiteA
< ServerName www.SiteA
< ServerAlias SiteA
---
> ServerAdmin webmaster@SiteBroken
> ServerName www.SiteBroken
> ServerAlias SiteBroken
13c12
< DocumentRoot /var/www/SiteA/public_html
---
> DocumentRoot /var/www/SiteBroken/public_html
16,17c15,16
< ErrorLog /var/www/SiteA/log/error.log
< CustomLog /var/www/SiteA/log/access.log combined
---
> ErrorLog /var/www/SiteBroken/log/error.log
> CustomLog /var/www/SiteBroken/log/access.log combined
19,20d17
<
/etc/apache2/sites-available
total 44K
-rw-r--r-- 1 root root 6.3K Jan 7 2014 default-ssl.conf
-rw-r--r-- 1 root root 1.4K Jan 7 2014 000-default.conf
-rw-r--r-- 1 root root 626 Mar 31 00:42 SiteA.conf
drwxr-xr-x 8 root root 4.0K Jun 1 07:13 ..
-rw-r--r-- 1 root root 713 Jun 1 07:16 SiteBroken.conf
drwxr-xr-x 2 root root 4.0K Jun 1 07:16 .
I noticed this error message in the error log from yesterday when I was trouleshooting.
/var/www/SiteBroken/log$ cat error.log
[Tue Mar 31 03:22:14.410438 2015] [:error] [pid 25622] [client 113.123.33.183:47379] script '/var/www/SiteBroken/public_html/phpinfo.php' not found or unable to stat
SiteA which is running perfectly fine has all the same wordpress files and such, there is no phpinfo.php
file in SiteA's directory, I am unsure as to why one site is running but I am unable to view SiteB
I recently chown of the entire public_html directory to www-data but this still did not resolve the 403 error message.
sudo chown -R www-data:www-data /var/www/SiteBroken/public_html/
drwxr-xr-x 5 www-data www-data 4.0K Jun 1 07:25 public_html
Enabled log level debuging and all I see is the output form stopping and restating apache, in addition to this missing `/var/www/html/moadmin.php' file and whether or not this file is necessary
[Mon Jun 01 07:25:38.832460 2015] [mpm_prefork:notice] [pid 9847] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Mon Jun 01 07:25:38.832538 2015] [core:notice] [pid 9847] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jun 01 08:27:58.649847 2015] [mpm_prefork:notice] [pid 9847] AH00169: caught SIGTERM, shutting down
[Mon Jun 01 08:27:59.551789 2015] [mpm_prefork:notice] [pid 10198] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Mon Jun 01 08:27:59.551885 2015] [core:notice] [pid 10198] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jun 01 10:43:46.042411 2015] [:error] [pid 10208] [client 89.248.172.27:51451] script '/var/www/html/moadmin.php' not found or unable to stat
[Tue Jun 02 07:53:47.086020 2015] [mpm_prefork:notice] [pid 10198] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:53:48.203046 2015] [mpm_prefork:notice] [pid 12370] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:53:48.203105 2015] [core:notice] [pid 12370] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 07:57:14.417485 2015] [mpm_prefork:notice] [pid 12370] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:57:15.280777 2015] [mpm_prefork:notice] [pid 12515] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:57:15.280852 2015] [core:notice] [pid 12515] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 07:59:45.902752 2015] [mpm_prefork:notice] [pid 12515] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:59:47.017507 2015] [mpm_prefork:notice] [pid 12653] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:59:47.017577 2015] [core:notice] [pid 12653] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:05:59.014895 2015] [mpm_prefork:notice] [pid 12653] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:06:00.124043 2015] [mpm_prefork:notice] [pid 12787] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:06:00.124101 2015] [core:notice] [pid 12787] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:23:09.214883 2015] [mpm_prefork:notice] [pid 12787] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:23:10.332498 2015] [mpm_prefork:notice] [pid 13039] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:23:10.332556 2015] [core:notice] [pid 13039] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:40:06.186778 2015] [mpm_prefork:notice] [pid 13039] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:40:07.305531 2015] [mpm_prefork:notice] [pid 13491] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:40:07.305595 2015] [core:notice] [pid 13491] AH00094: Command line: '/usr/sbin/apache2'
Update: ls -la
/var/www$ ls -la
total 48
drwxr-xr-x 7 root root 4096 Jun 2 08:21 .
drwxr-xr-x 14 root root 4096 Mar 28 14:40 ..
drwxr-xr-x 5 root root 4096 Mar 31 00:42 SiteA (working website)
drwxr-xr-x 2 root root 4096 May 30 12:50 html
drwxr-xr-x 6 root www-data 4096 May 30 14:55 SiteBroken
Update 6/6/15
I modified the apache.conf
file after reading several other SE posts, to the following:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
I even added my full document root in there to test everything and anything:
<Directory /var/www/html/SiteBroken/public_html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
Now my SiteBroken does appear and generates when I point my browser to the URL, however, now I am unable to nagigate to any pages, i.e. www.sitebroken.com/foo
or www.sitebroken.com/bar
I've been told my Virutal Server cannot read the php files? Is this so?
/var/www/html/SiteBroken/public_html$
total 188K
-rw-r--r-- 1 root root 3.0K Apr 4 20:23 xmlrpc.php
-rw-r--r-- 1 root root 4.0K Apr 4 20:23 wp-trackback.php
-rw-r--r-- 1 root root 25K Apr 4 20:23 wp-signup.php
-rw-r--r-- 1 root root 11K Apr 4 20:23 wp-settings.php
-rw-r--r-- 1 root root 8.1K Apr 4 20:23 wp-mail.php
-rw-r--r-- 1 root root 33K Apr 4 20:23 wp-login.php
-rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-load.php
-rw-r--r-- 1 root root 2.4K Apr 4 20:23 wp-links-opml.php
-rw-r--r-- 1 root root 2.9K Apr 4 20:23 wp-cron.php
-rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-config-sample.php
-rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-comments-post.php
-rw-r--r-- 1 root root 271 Apr 4 20:23 wp-blog-header.php
-rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-activate.php
-rw-r--r-- 1 root root 7.1K Apr 4 20:23 readme.html
-rw-r--r-- 1 root root 20K Apr 4 20:23 license.txt
-rw-r--r-- 1 root root 418 Apr 4 20:23 index.php
drwxr-xr-x 12 root root 4.0K Jun 6 18:17 wp-includes
drwxr-xr-x 6 www-data www-data 4.0K Jun 6 18:17 wp-content
drwxr-xr-x 5 root root 4.0K Jun 6 18:17 .
drwxr-xr-x 9 root root 4.0K Jun 6 18:17 wp-admin
drwxr-xr-x 5 root root 4.0K Jun 6 18:17 ..
-rw-r--r-- 1 root root 3.5K Jun 6 19:03 wp-config.php
Like I said in one of my comments, I have another site, SiteA completely mirror to SiteBroken's configurations and I am stumped how one site can work and the other, SiteBroken, receives then 403 errors and now a 404 error.
The requested URL /foo/ was not found on this server.
I have been making use of these questions
https://askubuntu.com/questions/448944/where-to-place-my-local-website-starting-with-the-2-4-7-version-of-apache2 and
https://stackoverflow.com/questions/6959189/apache-virtualhost-403-forbidden
I also briefly installed nginx and ran into a similar problem where I believe nginx was unable to read my php files?
Best Answer
Changing ownership to www-data:www-data with r/w permissions for the folders hosting the content will allow the httpd process to write to this folder which, depending on the complexity of the application and it's security, might give a hacker a way to overwrite legit code with stuff of his or her own choosing.
Likely the issue is you need to add the execute bit to the parent folders and change groups:
Without the execute bit the process cannot descend in to the folder to read the files, even if it owns them.